From 3ee5b6b3f363edcea0f492c0b85b56c131fa6524 Mon Sep 17 00:00:00 2001
From: Jose Lorenzo Rodriguez <jose.zap@gmail.com>
Date: Tue, 3 Jun 2014 18:21:00 +0200
Subject: [PATCH] Removing the BlowfishPassword hasher

---
 .../Component/Auth/BaseAuthenticate.php       |  4 +-
 .../Component/Auth/BlowfishPasswordHasher.php | 61 -------------------
 .../Component/Auth/FormAuthenticateTest.php   |  2 +-
 .../Component/AuthComponentTest.php           |  4 +-
 4 files changed, 5 insertions(+), 66 deletions(-)
 delete mode 100644 src/Controller/Component/Auth/BlowfishPasswordHasher.php

diff --git a/src/Controller/Component/Auth/BaseAuthenticate.php b/src/Controller/Component/Auth/BaseAuthenticate.php
index 024333646c8..660a47bcd32 100644
--- a/src/Controller/Component/Auth/BaseAuthenticate.php
+++ b/src/Controller/Component/Auth/BaseAuthenticate.php
@@ -42,7 +42,7 @@ abstract class BaseAuthenticate {
  * - `contain` Extra models to contain and store in session.
  * - `passwordHasher` Password hasher class. Can be a string specifying class name
  *    or an array containing `className` key, any other keys will be passed as
- *    config to the class. Defaults to 'Blowfish'.
+ *    config to the class. Defaults to 'Simple'.
  *
  * @var array
  */
@@ -54,7 +54,7 @@ abstract class BaseAuthenticate {
 		'userModel' => 'Users',
 		'scope' => [],
 		'contain' => null,
-		'passwordHasher' => 'Blowfish'
+		'passwordHasher' => 'Simple'
 	];
 
 /**
diff --git a/src/Controller/Component/Auth/BlowfishPasswordHasher.php b/src/Controller/Component/Auth/BlowfishPasswordHasher.php
deleted file mode 100644
index b5d692e78b8..00000000000
--- a/src/Controller/Component/Auth/BlowfishPasswordHasher.php
+++ /dev/null
@@ -1,61 +0,0 @@
-<?php
-/**
- * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
- * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice.
- *
- * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- * @link          http://cakephp.org CakePHP(tm) Project
- * @since         2.4.0
- * @license       http://www.opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\Controller\Component\Auth;
-
-use Cake\Controller\Component\Auth\AbstractPasswordHasher;
-use Cake\Utility\Security;
-
-/**
- * Blowfish password hashing class.
- *
- * @deprecated
- */
-class BlowfishPasswordHasher extends AbstractPasswordHasher {
-
-/**
- * Generates password hash.
- *
- * @param string $password Plain text password to hash.
- * @return string Password hash
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords
- */
-	public function hash($password) {
-		return Security::hash($password, 'blowfish', false);
-	}
-
-/**
- * Returns true if the password need to be rehashed, due to the password being
- * created with anything else than the passwords generated by this class.
- *
- * @param string $password The password to verify
- * @param mixed $hashType the algorithm used to hash the password
- * @return boolean
- */
-	public function check($password, $hashedPassword) {
-		return $hashedPassword === Security::hash($password, 'blowfish', $hashedPassword);
-	}
-
-/**
- * Returns true if the password need to be rehashed, due to the password being
- * created with anything else than the passwords generated by this class.
- *
- * @param string $password The password to verify
- * @return boolean
- */
-	public function needsRehash($password) {
-		return password_needs_rehash($password, PASSWORD_BCRYPT);
-	}
-
-}
diff --git a/tests/TestCase/Controller/Component/Auth/FormAuthenticateTest.php b/tests/TestCase/Controller/Component/Auth/FormAuthenticateTest.php
index 4fef1120749..8fdca90b4cb 100644
--- a/tests/TestCase/Controller/Component/Auth/FormAuthenticateTest.php
+++ b/tests/TestCase/Controller/Component/Auth/FormAuthenticateTest.php
@@ -298,7 +298,7 @@ public function testPasswordHasherSettings() {
 			'userModel' => 'Users'
 		]);
 		$this->auth->config('passwordHasher', [
-			'className' => 'Blowfish'
+			'className' => 'Simple'
 		]);
 		$this->assertEquals($expected, $this->auth->authenticate($request, $this->response));
 
diff --git a/tests/TestCase/Controller/Component/AuthComponentTest.php b/tests/TestCase/Controller/Component/AuthComponentTest.php
index 5974a6801f4..4931eedaaba 100644
--- a/tests/TestCase/Controller/Component/AuthComponentTest.php
+++ b/tests/TestCase/Controller/Component/AuthComponentTest.php
@@ -375,7 +375,7 @@ public function testAllConfigWithAuthenticate() {
 	public function testSameAuthenticateWithDifferentHashers() {
 		$this->Controller->Auth->config('authenticate', [
 			'FormSimple' => ['className' => 'Form', 'passwordHasher' => 'Simple'],
-			'FormBlowfish' => ['className' => 'Form', 'passwordHasher' => 'Blowfish'],
+			'FormBlowfish' => ['className' => 'Form', 'passwordHasher' => 'Fallback'],
 		]);
 
 		$objects = $this->Controller->Auth->constructAuthenticate();
@@ -385,7 +385,7 @@ public function testSameAuthenticateWithDifferentHashers() {
 		$this->assertInstanceOf('Cake\Controller\Component\Auth\FormAuthenticate', $objects[1]);
 
 		$this->assertInstanceOf('Cake\Controller\Component\Auth\SimplePasswordHasher', $objects[0]->passwordHasher());
-		$this->assertInstanceOf('Cake\Controller\Component\Auth\BlowfishPasswordHasher', $objects[1]->passwordHasher());
+		$this->assertInstanceOf('Cake\Controller\Component\Auth\FallbackPasswordHasher', $objects[1]->passwordHasher());
 	}
 
 /**